From owner-freebsd-security@FreeBSD.ORG Fri Aug 8 14:00:58 2008 Return-Path: Delivered-To: freebsd-security@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6A39D106564A for ; Fri, 8 Aug 2008 14:00:58 +0000 (UTC) (envelope-from mh@kernel32.de) Received: from crivens.kernel32.de (crivens.terrorteam.de [81.169.171.191]) by mx1.freebsd.org (Postfix) with ESMTP id 1EE768FC19 for ; Fri, 8 Aug 2008 14:00:57 +0000 (UTC) (envelope-from mh@kernel32.de) Received: from www.terrorteam.de (localhost [127.0.0.1]) by crivens.kernel32.de (Postfix) with ESMTP id 3FFC3B0297; Fri, 8 Aug 2008 16:00:56 +0200 (CEST) MIME-Version: 1.0 Date: Fri, 8 Aug 2008 16:00:56 +0200 From: Marian Hettwer To: freebsd-stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, thompsa@FreeBSD.ORG In-Reply-To: <200808081318.m78DIaXJ017555@lurza.secnetix.de> References: <200808081318.m78DIaXJ017555@lurza.secnetix.de> Message-ID: <293d3dc9ebaee1119424aa58532d3c5d@localhost> X-Sender: mh@kernel32.de User-Agent: RoundCube Webmail/0.1-rc2 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit Cc: Subject: Re: should looking at an interface with 'ifconfig' trigger a?change ? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Aug 2008 14:00:58 -0000 Hi Oliver, On Fri, 8 Aug 2008 15:18:36 +0200 (CEST), Oliver Fromme wrote: > Andrew Thompson wrote: > > Pete French wrote: > > > > The bce driver is not properly generating link state events. > > > > > > OK, that explains why it doesnt failover - but why does looking at it > > > with ifconfig make a difference ? surely that should be 'read only ? > > > > ifconfig will cause the media status to be read from the hardware at > > which time the link change is generated as it is different to the > stored > > value. > > Shouldn't that be considered a security flaw? After all, > you can perform "ifconfig $IF" inside a jail to list the > interface configuration, but you're not allowed to make > any changes. > > Given your description above, it means that it is possible > to modify the interface configuration (cause a failover) > from within a jail. That's not good. I think that needs > to be fixed, or at the very least it needs to be properly > documented. > And regarding documentation. It should be documented, that lagg(4) won't work very well with bce(4). If it's nowhere documented that bce and failover with lagg doesn't work, some people might be screwed... Just my 0,02 cents ./Marian